817394f12c
Generate a signed UEFI capsule from the final coreboot ROM image using EDK2 BaseTools. When using an EDK2 payload and enabling DRIVERS_EFI_UPDATE_CAPSULES and DRIVERS_EFI_GENERATE_CAPSULE, the build produces build/coreboot.cap once the ROM is finalised (after all files were added to CBFS). The capsule can also be generated explicitly with `make capsule`. Move the capsule generation and certificate preparation into payloads/external/edk2/Makefile, including generating the trusted root certificate PCD include via BinToPcd. Support capsule flows with an embedded FmpDxe driver by optionally embedding FmpDxe.efi into generated capsules, and wiring the embedded-driver Kconfig options through to the EDK2 payload build and capsule generation. Always set PersistAcrossReset on the capsule. Make InitiateReset configurable (default off) because Linux rejects capsules with InitiateReset when writing via /dev/efi_capsule_loader. Use CONFIG_DRIVERS_EFI_MAIN_FW_VERSION for GenerateCapsule --fw-version, but fall back to parsing a leading <major>.<minor> from CONFIG_LOCALVERSION when it is left at 0. If CONFIG_DRIVERS_EFI_MAIN_FW_LSV is 0, use the resolved firmware version. Document capsule generation and embedded driver configuration. Corresponding edk2 patches can be found at: https://github.com/tianocore/edk2/pull/12053 Change-Id: I5f56b894d40ddb49f3158bb72f0143d0ebe9c34c Signed-off-by: Sean Rhodes <sean@starlabs.systems> Reviewed-on: https://review.coreboot.org/c/coreboot/+/90862 Reviewed-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> |
||
|---|---|---|
| .. | ||
| coreinfo | ||
| external | ||
| libpayload | ||
| linuxcheck | ||
| nvramcui | ||
| Kconfig | ||
| Makefile.mk | ||